Audit of the Federal Bureau of Investigation s Implementation of Its Next Generation Cyber Initiative

Size: px
Start display at page:

Download "Audit of the Federal Bureau of Investigation s Implementation of Its Next Generation Cyber Initiative"

Transcription

1 Office of the Inspector General U.S. Department of Justice Audit of the Federal Bureau of Investigation s Implementation of Its Next Generation Cyber Initiative Audit Division July 2015

2 AUDIT OF THE FEDERAL BUREAU OF INVESTIGATION S IMPLEMENTATION OF ITS NEXT GENERATION CYBER INITIATIVE EXECUTIVE SUMMARY The Federal Bureau of Investigation (FBI) has reported that the frequency and impact of cyber attacks on private sector and government computers increased dramatically in the last decade and are expected to continue to grow. In January 2012, former FBI Director Mueller stated during a congressional testimony that he expected the cyber threat to surpass the terrorism threat to our national security in the years to come. According to current FBI Director, James B. Comey, Jr., the FBI is prioritizing the investigation and prevention of cyber intrusions against the United States. The FBI has designated the protection of the United States against cyber-based attacks and high-technology crimes as its number three priority, behind only counterterrorism and counterintelligence. Following the Office of the Inspector General s (OIG) April 2011 report on the FBI s ability to address the national cyber intrusion threat, in October 2012 the FBI launched its Next Generation Cyber (Next Gen Cyber) Initiative to enhance its ability to address cybersecurity threats to the United States. 1 In fiscal year 2014, the FBI initially budgeted $314 million for its Next Gen Cyber Initiative, including a total of 1,333 full-time positions (including 756 agents). In addition, the Department of Justice (Department) requested an $86.6 million increase in funding for fiscal year 2014 to support the Initiative. The objective of this audit was to evaluate the FBI s implementation of its Next Gen Cyber Initiative. In our 2011 report, the OIG made 10 recommendations to improve the FBI s efforts in this area, including that the FBI establish policies and procedures for the sharing of information at the National Cyber Investigative Joint Task Force (NCIJTF); enhance efforts to educate FBI field office personnel on the NCIJTF s role and use within FBI s national security cyber strategy; evaluate the effectiveness of the step-by-step training course for FBI agents on how to investigate national security intrusion cases; reconsider the rotation policy for cyber agents and ensure that agents skilled and experienced in cyber intrusions are available to FBI field offices; and consider developing regional hubs with agents that are experts in investigating national security intrusions. The Next Gen Cyber Initiative is an ongoing, multi-year strategy that included two fundamental changes to the way the FBI addresses cyber threats. First, the FBI narrowed the focus of its Cyber Division to work solely on cyber intrusions because the FBI determined that they pose the greatest threat to national security. Simultaneously, the FBI transferred non-intrusion programs 1 U.S. Department of Justice Office of the Inspector General, The Federal Bureau of Investigation s Ability to Address the National Security Cyber Intrusion Threat, Audit Report (April 2011). i

3 previously run by the Cyber Division, including the Innocent Images National Initiative addressing child pornography and the Intellectual Property Rights Program, to its Criminal Investigative Division (CID). Second, the FBI shifted its cyber intrusion emphasis from reacting to cyber-attacks to predicting and preventing them. In the context of this new framework, the Next Gen Cyber Initiative focuses on four areas: (1) strengthening the NCIJTF; (2) advancing the capability of the FBI cyber workforce and supporting related enterprise infrastructure; (3) expanding the Cyber Task Forces focused on intrusion investigations in each of the FBI s 56 field offices, and (4) enhancing information sharing and operational collaboration with the private sector. Our current audit found that the FBI has made considerable progress towards achieving the goals it established for the Next Gen Cyber Initiative. We found that the NCIJTF, which serves as a coordination, integration, and information sharing center among 19 U.S. agencies and international representatives for cyber threat information, is no longer perceived as an extension of the FBI. Additionally, according to NCIJTF partners, information sharing has improved among the members, which was an issue identified in our 2011 report. Also, the FBI has established Cyber Task Forces in all 56 field offices. In 2011, the FBI had Cyber Crime Task Forces in 45 of the 56 field offices. Furthermore, the FBI has implemented a cyber-specific training strategy to improve the technical skills of its entire workforce, with specific training made available to those working cyber intrusion investigations. The FBI is offering qualified personnel an opportunity to participate in a Master s Degree program at Carnegie Mellon University and is in the process of initiating a similar program at New York University s Polytechnic School of Engineering, to provide an attractive incentive and valuable training to help recruit, develop, and retain the cadre of FBI cyber professionals. While the FBI has made progress in implementing its initiative, we found that there are still issues preventing the FBI from fully meeting all of its goals for the Next Gen Cyber Initiative. In particular, we found that: the NCIJTF did not have a process to measure the timeliness of information sharing among members; recruitment and retention of qualified candidates remain a challenge for the FBI, as private sector entities are often able to offer higher salaries and typically have a less extensive background investigation process; the FBI has encountered challenges in attracting external participants to its established Cyber Task Forces; the FBI did not hire 52 of the 134 computer scientists for which it was authorized; and 5 of the 56 field offices did not have a computer scientist assigned to that office s Cyber Task Force. ii

4 Finally, although the FBI is working to develop strategies to enhance outreach to private sector entities, it continues to face challenges partnering and sharing information with these entities. While the FBI has developed reports to provide the private sector with actionable information to allow it to protect its networks and to disseminate technical information gleaned from some ongoing investigations, both FBI and private sector representatives acknowledged to us that information sharing remains a challenge. We found that when the private sector shares information with the FBI, it is perceived by the private sector as akin to sending information into a black hole because they often do not know what becomes of it. We also found that the private sector is reluctant to share information with the government based on concerns regarding balancing national security and individual privacy interests. The private sector reluctance to share information has been further affected by the distrust of government created by the Edward Snowden leaks. 2 Private sector representatives have also expressed privacy concerns about how the information collected will be used. Additionally, information the FBI shares with the private sector is often considered by the recipients to be not useful because it is already known, lacks context, or is outdated. While the FBI continues to advance its cyber capabilities, we found that it still needs to: (1) continue to focus its efforts on recruiting and retaining highly-skilled, technically trained cyber professionals; (2) increase external partners participation on the Cyber Task Forces, including enhancing state and local law enforcement and interagency participation; and (3) expand private sector outreach to develop an environment that promotes information sharing and collaboration. We believe that the FBI needs to address these challenges to most effectively identify and address emerging cyber intrusion threats. This report contains eight recommendations to assist the FBI in meeting these objectives and achieving the goals of the Next Gen Cyber Initiative that are the basis for its efforts to address this significant and growing threat to our national security. 2 Edward Snowden is an American computer professional who worked at the National Security Agency as a contractor and revealed classified information, including details of United States government global surveillance programs. Snowden has been charged by the Department of Justice with violating the Espionage Act and theft of government property. United States v. Edward J. Snowden, 1:13 CR 265 (CMH). iii

5 AUDIT OF THE FEDERAL BUREAU OF INVESTIGATION S IMPLEMENTATION OF ITS NEXT GENERATION CYBER INITIATIVE TABLE OF CONTENTS INTRODUCTION... 1 Background... 2 Office of the Inspector General Audit Approach... 3 FINDINGS AND RECOMMENDATIONS... 5 National Cyber Investigative Joint Task Force... 5 National Cyber Investigative Joint Task Force... 5 Cyber Workforce Development... 8 Recruitment and Retention... 8 Training... 9 Computer Scientists Expansion of Cyber Task Forces Cyber Task Forces Cyber Division Headquarters Reorganization Private Sector Outreach and Coordination Information Sharing and Collaboration Challenges in Sharing Information Conclusion Recommendations STATEMENT ON INTERNAL CONTROLS STATEMENT ON COMPLIANCE WITH LAWS AND REGULATIONS APPENDIX 1: OBJECTIVE, SCOPE, AND METHODOLOGY APPENDIX 2: FEDERAL BUREAU OF INVESTIGATION S RESPONSE TO THE DRAFT AUDIT REPORT APPNEIDX 3: OFFICE OF THE INSPECTOR GENERAL ANALYSIS AND SUMMARY OF ACTIONS NECESSARY TO CLOSE THE REPORT... 32

6 AUDIT OF THE FEDERAL BUREAU OF INVESTIGATION S IMPLEMENTATION OF ITS NEXT GENERATION CYBER INITIATIVE INTRODUCTION The Federal Bureau of Investigation (FBI) has reported that both the frequency and the impact of cyber-attacks on our nation s private sector and government networks have increased dramatically over the past decade. In September 2014, FBI Director James B. Comey, Jr. testified that the FBI is prioritizing the investigation and prevention of intrusions against the United States, including botnets, state-sponsored hackers, and global cyber syndicates, and that the FBI is working to predict and prevent attacks rather than simply react after an attack has occurred. 3 As a result, the FBI has designated the protection of the United States against cyber-based attacks and high-technology crimes as its number three priority, behind only counterterrorism and counterintelligence. The FBI has found that the range of actors conducting intrusions is as complex as it is varied. These cyber actors include spies from nation-states who seek secrets and intellectual property; organized criminals who want to steal personal identities and money; terrorists intent on attacking the power grid, water supply, or other infrastructure; and hacktivists who are politically motivated to make a statement through their conduct. The FBI investigates all of these types of attacks to determine the actors responsible for the intrusions. For example, in October 2014, the FBI released an alert indicating that it had high confidence that highly skilled Chinese government-affiliated cyber actors were routinely stealing high value information from United States companies and government agencies. Also, according to a December 2014 FBI press release, the FBI initiated an investigation of a cyber attack on Sony Pictures Entertainment. The FBI investigation concluded that the North Korean government was responsible for the cyber attack. While stating that it has seen a wide variety and increasing volume of cyber intrusions, the FBI indicated that the destructive nature of the Sony Pictures Entertainment attack set it apart because it reflected the intent of a hostile foreign government to inflict significant harm on a United States business and suppress the right of United States citizens to free speech within our own 3 James B. Comey, Jr., Director, Federal Bureau of Investigations, before the Homeland Security Committee, U.S. House of Representatives, concerning Worldwide Threats to the Homeland (September 17, 2014). Botnets are remotely controlled systems used to coordinate attacks and distribute phishing schemes, spam, and malware attacks. The FBI defines state-sponsored hackers as groups or individuals conducting computer network operations at the direction of, or with the support of, a nation state. Global cyber syndicates are organized criminal groups who use spam, spyware and malware, and other types of cyber tools to engage in criminal conduct, including identity theft, online fraud, and computer extortion for monetary gain. 1

7 borders and beyond. The FBI s most recent major initiative to strengthen its cyber capabilities to address attacks such as these is the Next Generation Cyber Initiative. Background In April 2011, the Department of Justice Office of the Inspector General (OIG) issued a report that addressed the FBI s ability to address the national security cyber intrusion threat. 4 The report made 10 recommendations to the FBI to help it to improve its efforts in this area, including that the FBI establish policies and procedures for the sharing of information at the National Cyber Investigative Joint Task Force (NCIJTF); enhance efforts to educate FBI field office personnel on the NCIJTF s role and use within FBI s national security cyber strategy; evaluate the effectiveness of the step-by-step training course for FBI agents on how to investigate national security intrusion cases; reconsider the rotation policy for cyber agents and ensure that agents skilled and experienced in cyber intrusions are available to FBI field offices; and consider developing regional hubs with agents that are experts in investigating national security intrusions. The FBI has provided the OIG with documentation to show that the FBI has adequately addressed all 10 of the recommendations contained in the 2011 report. The FBI initiated its Next Generation Cyber (Next Gen Cyber) Initiative in May 2012 in order to enhance the FBI s ability to address the full range of cybersecurity threats to the United States. According to the FBI, implementation of the Next Gen Cyber Initiative has focused on four areas: (1) strengthening the NCIJTF; (2) advancing the capability of the FBI s cyber workforce and supporting related enterprise infrastructure; (3) expanding Cyber Task Forces in each of the FBI s 56 field offices that focus on intrusion investigations; and (4) enhancing information sharing and operational collaboration with the private sector. The Next Gen Cyber Initiative represents a fundamental shift in the FBI s approach to addressing the cyber threat, changing its focus from reacting to cyberattacks to predicting and preventing them. As part of the Next Gen Cyber Initiative, the Cyber Division was restructured to focus solely on computer intrusions and the FBI transferred responsibility for the investigation of crimes not focused on intrusion, specifically the Cyber Crime Program, Innocent Images National Initiative (addressing child pornography), Intellectual Property Rights, Internet Fraud, Internet Extortion, Identify Theft, Internet Money Laundering, and Internet Gambling, from the Cyber Division to the Criminal Investigative Division. The FBI-wide initiative encourages collaboration between the Cyber, Training, and Operational Technology Divisions and is supported by the Finance Division, Resource Planning Office, and Directorate of Intelligence. For fiscal year (FY) 2014, the FBI initially budgeted $314 million for its Next Gen Cyber Initiative, including a total of 1,333 full-time positions (including 756 agents). In addition, the Department of Justice (Department) requested an $86.6 million increase in funding 4 U.S. Department of Justice Office of the Inspector General, The Federal Bureau of Investigation s Ability to Address the National Security Cyber Intrusion Threat, Audit Report (April 2011). 2

8 for FY 2014 to support the Initiative. In this audit, we evaluated the FBI s implementation of its Next Gen Cyber Initiative in each of its four core areas. Office of the Inspector General Audit Approach The OIG conducted this audit to evaluate the FBI s implementation of the Next Gen Cyber Initiative to combat cyber intrusions. To accomplish this objective, we interviewed more than 50 FBI officials at FBI headquarters and FBI field offices. We also interviewed 3 Department of Justice officials, 10 NCIJTF members, and more than 12 private sector entities, including officials from the Carnegie Mellon University Software Engineering Institute and the National Cyber-Forensics and Training Alliance (NCFTA). We reviewed Next Gen Cyber Initiative planning documentation, records, and reports, and conducted five site visits to FBI field offices. The scope of our audit includes the implementation of the FBI s Next Gen Cyber Initiative from May 2012, when the initiative was announced, through January In this report, the first finding describes the steps the FBI has taken to strengthen the NCIJTF, including changes to its organizational structure intended to ensure that the NCIJTF is no longer perceived as an extension of the FBI s Cyber Division and its efforts to foster interagency cooperation and information sharing. We interviewed 10 NCIJTF members, including representatives from the National Security Agency (NSA); the U.S. Department of Homeland Security (DHS); the Central Intelligence Agency (CIA); the Air Force Office of Special Investigations (AF- OSI); U.S. Cyber Command; and Five Eyes partners from Australia and the United Kingdom. 5 In the second finding, we discuss the FBI s efforts to expand workforce training and enterprise infrastructure. Specifically, we reviewed the FBI s efforts to hire, train, and retain key cyber staff and the status of the FBI s efforts to fill cyber positions through January Additionally, we reviewed the FBI s new cyber training strategy to improve the skills of FBI employees, especially those working cyber intrusion investigations. Finally, we reviewed the challenges the FBI is facing in its effort to recruit and retain highly skilled cyber personnel, as well as the initiatives the FBI has planned to assist with addressing the challenges. The third finding focuses on the expansion of the FBI s Cyber Task Forces in all of its 56 field offices and the FBI s efforts to recruit non-fbi participants to serve as Task Force Officers. To inform our review of the FBI s efforts in this regard, we conducted interviews with individuals from the following FBI field offices: Newark, New Jersey; Philadelphia, Pennsylvania; Pittsburgh, Pennsylvania; San Francisco, California; and Seattle, Washington. We also interviewed task force officers, including personnel from other law enforcement entities. 5 Five Eyes (FVEY) is an alliance comprising Australia, Canada, New Zealand, the United Kingdom, and the United States. 3

9 The last finding describes information sharing and collaboration between the FBI and the private sector. We interviewed FBI officials, reviewed several FBI officials testimonies related to the FBI s efforts to combat cyber intrusions, and interviewed individuals from private sector entities to gain an understanding of the FBI s efforts to enhance its information sharing and collaboration with the private sector. We also interviewed individuals from the FBI Cyber Division Operations and Outreach Section, including officials from the National Industry Partnership Unit (NIPU), Guardian Victim Analysis Unit (GVAU), and Key Partnership Engagement Unit (KPEU). Appendix 1 contains further descriptions of our audit objectives, scope, and methodology. 4

10 FINDINGS AND RECOMMENDATIONS National Cyber Investigative Joint Task Force The FBI has made progress in strengthening the National Cyber Investigative Task Force (NCIJTF). NCIJTF members told us that information sharing between NCIJTF members has improved over the last several years. The NCIJTF is no longer perceived as an extension of the FBI s Cyber Division and instead it is seen as a multi-agency effort focused on coordinating, integrating, and sharing information related to domestic cyber threat investigations. But, the FBI should develop a process to track and measure the timeliness of information sharing. National Cyber Investigative Joint Task Force The National Cyber Investigative Joint Task Force (NCIJTF) was established by Presidential directive in 2008 to serve as the national focal point for the United States government to coordinate, integrate, and share information related to domestic cyber threat investigations. 6 Under the directive, the FBI was given the responsibility for developing and operating the NCIJTF. The NCIJTF currently colocates members from 19 federal partners in the intelligence, law enforcement, and military sectors who collaborate and share intelligence about national security cyber threats and cyber actors. 7 Strengthening the NCIJTF One objective of the Next Gen Cyber Initiative was to strengthen the NCIJTF. To accomplish this objective, the FBI sought to formalize international participation and ensure the NCIJTF was no longer perceived by stakeholders as an extension of the FBI Cyber Division. In furtherance of this objective, we found that the NCIJTF was able to co-locate Five Eyes (FVEY) partners from Australia and the United Kingdom on a full-time basis and a representative from Canada on a part-time basis. As of January 2015, the NCIJTF was also working with New Zealand to bring a representative to the NCIJTF. We found the FBI has taken steps to remove the perception among its stakeholders, including interagency members, that the NCIJTF and FBI Cyber Division are synonymous. When the NCIJTF was formally established in 2008, the FBI s Cyber Division National Security Section and the 6 National Security Presidential Directive 54/Homeland Security Presidential Directive 23 (2008). 7 In addition to 19 federal partners, the NCIJTF has five affiliates. Affiliates are agencies that have a signed memorandum of understanding with the NCIJTF and have personnel on site at the NCIJTF. However, the agencies do not have a primary cyber investigative role and their personnel do not have a primary role in NCIJTF campaigns. 5

11 NCIJTF functioned as a synonymous entity. 8 At that time, as we noted in our 2011 report, the NCIJTF was the headquarters component of the FBI s national security cyber efforts and the FBI appointed the Chief of the Cyber Division National Security Section to also serve as Director of the NCIJTF. 9 In addition, the NCIJTF functionally acted as the operational arm of the FBI s Cyber National Security Section. Under the Next Gen Cyber Initiative the NCIJTF redirected its mission back to coordination, integration, and information sharing to better serve the law enforcement, intelligence, and military communities as a whole. Reflecting this change, the FBI revised the organizational structure of the NCIJTF, beginning in October 2012 with the formal separation of the FBI s Cyber Division operations from the NCIJTF and the designation of a dedicated NCIJTF Director. To further facilitate the separation, the NCIJTF incorporated representatives of non-fbi agencies into senior leadership positions at the NCIJTF. For example, a high ranking representative from the NSA was designated Principal Deputy Director of the NCIJTF in March We found that, as a result of these changes, the NCIJTF is no longer perceived by stakeholders as an extension of the FBI s Cyber Division. Further, NSA s elevation and commitment are notable given the finding in our 2011 report that the NSA was not a fully integrated partner in the NCIJTF. In addition to redirecting its mission back to coordination and information sharing, the NCIJTF is also expanding its capabilities and increasing its staffing level. To accomplish this, the NCIJTF will be expanding its physical space. Currently, the NCIJTF is physically located in the same building as the Cyber Division s operational units. We were told by NCIJTF s Principal Deputy Director that the Cyber Division s operational units moved to a nearby location in January The FBI Cyber Division move is expected to free up valuable space and provide the NCIJTF with the opportunity to expand and strengthen its capabilities. We believe that the organizational changes, including the designation of a high ranking dedicated NCIJTF Director, non-fbi agency participation in senior leadership, and the move of the FBI s Cyber Division operations to another location, should continue to further allow for the NCIJTF to establish itself outside of being seen as an extension of the FBI. Information Sharing In our 2011 report, we found that the FBI and other NCIJTF members did not consistently share cyber intrusion threat information with each other and that, where investigative information was not shared, NCIJTF members were not told 8 The Cyber National Security Section, which due to reorganization no longer exists, was responsible for managing the FBI s counterterrorism and counterintelligence computer intrusion operations. The responsibility of the Cyber National Security Section has been divided amongst three newly-created sections in the Cyber Operations Branch. 9 OIG, National Security Cyber Intrusion Threat, (April 2011). 6

12 why they did not receive available information. We also found a lack of coordination between FBI field offices and the NCIJTF regarding national security cyber intrusions, and that NCIJTF partners were not integrated into NCIJTF operations, with several of the partners not having a memoranda of understanding (MOU) in place establishing information sharing protocols among the NCIJTF members. The OIG made several recommendations related to these issues and the recommendations were closed after we verified that the FBI established NCIJTF information sharing policies and procedures for sharing information among all its members. During this audit, NCIJTF members told us that they believe interagency collaboration has increased and information has been shared freely between member agencies as necessary. For example, the Operation Clean Slate Initiative was a continuous, targeted campaign aimed at eliminating significant botnets affecting United States interests. This initiative included United States government partners, international partners, and other private sector stakeholders. The NCIJTF members who we interviewed confirmed that there was significant and appropriate sharing of information between NCIJTF members in carrying out this initiative. However, we were also told that the NCIJTF did not have a process to track and review the timeliness of such information sharing. We believe this is significant because if information sharing is delayed, the FBI cannot be certain NCIJTF members are able to use the information to effectively prevent or mitigate threats in a timely manner. Given the potentially negative impact outdated information can have on the NCIJTF s ability to effectively minimize or prevent a cyber attack, we believe that the FBI should develop a process to measure the timeliness of information sharing at the NCIJTF. 7

13 Cyber Workforce Development An important objective of the Next Gen Cyber Initiative is to advance the capability of the FBI s cyber workforce. The FBI implemented a new training strategy to improve the technical skills of the entire FBI workforce, with specific training made available to those working cyber intrusion investigations. However, the FBI continues to encounter challenges recruiting, hiring, and retaining technically trained cyber personnel. The FBI also encountered challenges in hiring computer scientists to fill advanced technical skills positions in its field offices. FBI officials told us that it is difficult to compete with private sector entities that can offer higher compensation to individuals with highly technical cyber skills. The FBI background investigation process, which includes interviews, drug tests, and polygraph examinations, also excludes many candidates that otherwise meet the educational qualifications. FBI officials also told us that the 2013 federal budget sequestration and a government-wide hiring freeze contributed to this challenge. Recruitment and Retention We found that the recruitment and retention of cyber personnel is an ongoing challenge for the FBI. One FBI Human Resources official told us that there is a huge disparity between the number of people recruited and the number of special agents or professional staff actually hired by the FBI, and he described hiring as a funneling process. While the process may start with a recruitment event attended by 5,000 interested candidates, the inability of candidates to meet the FBI s specific eligibility criteria reduces that number to approximately 2,000 eligible candidates. Subsequently he told us that only about 2 candidates out of such a group are actually hired by the FBI. Another FBI official told us that the FBI loses a significant number of people who may be interested because of the FBI s extensive background check process and other requirements, such as all employees must be United States citizens and must not have used marijuana in the past 3 years, and cannot have used any other illegal drug in the past 10 years. Another factor may be that private sector entities are able to offer technically trained, cyber professionals higher salaries than the FBI can offer. During our audit, the FBI provided us with information on recommended steps for addressing the current and anticipated workforce challenges. To address the key challenges, an FBI working group recommended several measures, which were being prioritized at the time of our audit work. Some of the steps proposed included supporting and encouraging mobility of personnel between the public and private sectors to bring knowledgeable and seasoned professionals back to the FBI. Another proposed measure was to refocus the Student Loan Repayment Program (SLRP) so that a greater percentage of it is used to assist financially in recruiting personnel into targeted positions. Other proposed steps included establishing high 8

14 school recruiting programs and targeted utilization of the FBI s University Education Program. 10 The FBI s Human Resource Division is working with FBI divisions and field offices to develop recruiting programs to identify schools, universities, clubs, and professional organizations that focus on the development and promotion of cyber education and talent. One FBI official explained that the FBI is offering several incentives to recruit individuals including school loan repayment, reimbursement for continuing education, and hiring at higher salary levels on the general pay scale. He also added that the FBI is providing training opportunities for existing personnel including certifications and enrollment in the Carnegie Mellon University Master s program in Information Technology as retention tools. In addition, in December 2014, the FBI announced to its employees a similar program at the New York University Polytechnic School of Engineering. We were told that such advanced educational opportunities provide an attractive inducement for individuals with cyber skills to stay with the FBI and, as discussed below, they can provide a valuable training opportunity for them as well. Still, although recruitment and retention of skilled cyber professionals is challenging for the FBI, most of the FBI cyber agents we interviewed told us that it is the FBI s mission that motivates them to stay at the FBI rather than leave for more lucrative positions. Training One objective of the Next Gen Cyber Initiative was to improve the cyber skills of its employees. To achieve this objective, the FBI implemented a new training strategy in The cyber training strategy included: (1) High Technology Environment Training, an initiative to improve the technical skills and baseline technological knowledge of the entire FBI workforce; (2) commercially available training courses for cyber personnel so that they can maintain their skills; and (3) opportunities for qualified FBI personnel to earn a Master of Science degree in Information Technology. In addition, we reviewed the results of a 2013 FBI training survey conducted to gain a better understanding of the training needs of the cyber workforce. High Technology Environment Training To address the increasing role of computer technology in criminal activity and to enable its most technically skilled cyber agents to focus on the most complex cases, the FBI developed an enterprise-wide training curriculum called High Technology Environment Training (HiTET). According to the FBI, HiTET was designed to ensure that the FBI s Special Agents, Intelligence Analysts, and professional staff possess the basic technical capabilities to address the growing cyber threat in the broad array of investigations that include a cyber element, but may not be focused cyber investigations. The HiTET Overview course was designed 10 The FBI established the University Education Program (UEP) to enable qualified employees in the Counterterrorism, Counterintelligence, Cyber, and Security Programs to earn advanced degrees. The UEP is a tuition reimbursement program. 9

15 to provide non-technical personnel with a working knowledge of the growing cyber threat and teach them basic cyber investigative techniques that do not require a high level of technical expertise. HiTET is provided through the FBI s web-based Virtual Academy, which includes other cyber training course opportunities ranging from introductory to intermediate and are commensurate with personnel assignment and roles. Another HiTET class titled Obtaining and Analyzing Digital Records teaches personnel techniques for retrieval of digital evidence. According to the FBI, when non-technical personnel have this capability, they can retrieve data on their own in appropriate circumstances, thus allowing the FBI s most technically skilled cyber agents and specialists to concentrate on issues that require a higher degree of technical expertise. Some of the HiTET courses are also offered to state and local law enforcement personnel through the Law Enforcement Online (LEO) secure information sharing portal. SANS Institute FBI officials told us that the FBI had changed its training curriculum in response to recommendations in the OIG s 2011 report. Our report identified issues related to the format of the FBI's cyber development plan that could impede an agent's ability to acquire the training needed to investigate national security intrusion incidents effectively. One FBI official told us in the course of this review that the FBI is now focused on identifying the core skills cyber agents need and ensuring they receive proper training. As part of this effort, the FBI entered into a contract with the SANS Institute (SANS), a private company that specializes in information security and cyber security training. FBI headquarters personnel cited several benefits of the SANS training. SANS frequently revises its courses and course offerings to provide professionals with the tools necessary to stay current in the ever changing cyber environment. SANS also offers regional training courses and in-house training for FBI personnel. The FBI eventually would like to expand the SANS training to state and local law enforcement agencies. One official told us that the new training model makes it easier to stay current with the changes in the constantly evolving field of cyber intrusions. Throughout our fieldwork, FBI cyber personnel consistently identified SANS as offering the best, most up-to-date training available. In addition, in a 2013 FBI-wide training survey, 81 percent of respondents cited SANS courses as the most beneficial for cyber professionals. Master s Degree Programs The FBI offers opportunities for qualified FBI personnel to enter a 2-year program to earn a Master of Science degree in Information Technology (MSIT) from Carnegie Mellon University. Currently there are 8 FBI personnel enrolled in the MSIT program and the FBI plans to expand the offer to accommodate up to 15 people in As part of the program, personnel must agree to a 3-year service commitment to the FBI to investigate cyber intrusion threats following graduation from the program. As referenced above, the FBI also is in the process of initiating a similar program at the New York University Polytechnic School of Engineering, in which up to six qualified FBI personnel may enroll. As of January 2015, no FBI 10

16 personnel had been selected to enroll in the program. While the numbers in these programs are small, we believe they may provide an attractive incentive and valuable training to help recruit, develop, and retain a core cadre of FBI cyber professionals. Cyber Training Survey In anticipation of the 2013 federal budget sequestration, which was expected to severely limit training resources, the FBI increased use of online training courses in its cyber curriculum. In August 2013, to gain a better understanding of the training needs of the cyber workforce, the FBI surveyed approximately 1,400 personnel with cyber responsibilities and received 1,154 responses (a response rate of approximately 82 percent). The results were compiled and documented in a November 2013 internal Cyber Division report. 11 We reviewed the report and found that the majority of respondents investigating cyber matters were relatively new to their position (reporting less than 5 years of experience in their current FBI position). The report noted that more than 80 percent of respondents preferred classroom courses. In addition, all of those respondents who reported they were working on cyber matters expressed a strong interest in advanced cyber training. The most requested training courses offered by SANS were: Cutting-Edge Hacking Techniques; Network Penetration Testing; and Hacker Techniques, Exploits and Incident Handling. We were told by the FBI that based on responses to the survey, the cyber curriculum was revised and approved in November According to the FBI, the new cyber curriculum is based on several findings from the training survey, including: (1) designing the curriculum so that individuals from different academic and technical backgrounds can be trained to be cyber investigators; (2) balancing the technical courses offered by SANS and other investigative training courses; and (3) an overwhelming preference for classroom-based training, especially higherlevel technical courses. Computer Scientists To strengthen its abilities to address the growing cyber threat and evolving technology, the FBI developed the Computer Scientists Field Operations Program to try to ensure adequate resources are available to enhance investigative and intelligence operations related to cyber intrusion threats. To address this requirement, during the fourth quarter of FY 2012 as part of the Next Gen Cyber Initiative, the FBI realigned its internal funded staffing levels (FSL) to include at least one computer scientist in each field office. Due to a FY 2014 enhancement, the Cyber Division was authorized to hire 134 Computer Scientists to address the need for advanced cyber skills within the FBI. The FBI is currently hiring and training computer scientists. The goal is to 11 Federal Bureau of Investigation Cyber Division Cyber Training and Logistics Unit, Cyber Training Survey Data, November 8,

17 assign at least 1 computer scientist to Cyber Task Forces in each of the 56 field offices. As of January 2015, however, 52 of the 134 Computer Scientist positions remained vacant and 5 of 56 field offices did not have at least 1 computer scientist, as planned. All newly hired computer scientists are required to attend a 7-week training program at the FBI Academy in Quantico, Virginia. The objective is to teach computer scientist personnel how to apply their technical expertise in support of FBI investigations and operations. Since the implementation of the Next Gen Cyber Initiative, there have been four training cycles of the Computer Scientists Field Operations Program. We were told by the FBI that because of the FY 2013 federal budget sequestration and government-wide hiring freeze, it has taken more time than originally anticipated to meet the intended computer scientist hiring goal. The FBI is also trying to hire more computer scientists from within the FBI and has listed vacancy announcements soliciting current FBI personnel to fill computer scientist positions. The Assistant Director of the Cyber Division acknowledged that computer scientist position pay scales cannot compete with private sector pay scales. Therefore, in FY 2015 the Cyber Division requested and provided justification to hire four senior level positions under the Senior Level and Scientific Position (SL/ST) pay system to attract high-level, technically trained subject matter experts that are extremely difficult to recruit under the standard general pay scale. 12 Currently, the FBI employs contractors and cyber professionals to fulfill these highly technical positions. We were told by the FBI that the Senior Level and Scientific positions would provide it with a better opportunity to retain these highly skilled FBI cyber professionals, as well as provide a financial savings by potentially converting FBI contractor employees to government positions. In addition to identifying alternate higher pay scales, the FBI is currently reviewing programs used by other agencies to attract qualified computer scientists, including programs that the NSA and CIA use to develop and attract high school students. 12 Senior Level (SL) positions require individuals whose duties are broad and complex enough to be classified above the GS-15. Scientific or Professional (ST) positions require individuals with high-level research and development experience in physical, biological, medical, or engineering sciences, or a closely related field. 12

18 Expansion of Cyber Task Forces Cyber Task Forces play an important role in the FBI s efforts to investigate and respond to significant cyber incidents. Although Cyber Task Forces have been established under the Next Gen Cyber Initiative in each of the 56 field offices, the FBI faces significant challenges in recruiting external partners to join the Cyber Task Forces. According to the FBI, few state and local agencies are predisposed to join a task force focused on cyber intrusions because they may not fully understand the cyber threat, they may believe that cyber intrusions are inherently a federal matter, or they may not have resources or personnel to detail an officer to the local Cyber Task Force. However, cyber intrusions affect businesses and individuals throughout the United States. The FBI s ability to coordinate domestic cyber threat information in local communities and respond to cyber incidents may be hindered by its inability to successfully recruit state and local partners on a consistent basis. Cyber Task Forces Prior to October 2012, Cyber Crime Task Forces were established in 45 of the 56 FBI field offices as part of the FBI s Cyber Crime Program. These task forces were responsible for investigating computer related crimes, including child pornography, theft of intellectual property, internet money laundering, gambling, and extortion. One of the objectives of the Next Gen Cyber Initiative was to redirect existing cyber squad resources to focus on cyber intrusion threats and incidents and establish a Cyber Task Force to do this work in each of the 56 field offices. After the Next Gen Cyber Initiative launched in October 2012, the FBI s Cyber Crime Program transitioned to the Criminal Investigative Division and the Cyber Division was restructured to focus solely on cyber intrusions. Consequently, Cyber Task Forces were established in all of the 56 FBI field offices and focused exclusively on cyber intrusions. Also, FBI cyber intrusion program management was centralized within the FBI Cyber Division. According to an FBI official, the Cyber Task Force is the unifying structure at the field office level that aggregates all personnel working computer intrusion threats. Cyber Task Forces, led by a Cyber Squad Supervisor, work on computer intrusion threats and incidents and are comprised of FBI personnel and personnel detailed from other agencies. 13 One FBI official described each Cyber Task Force as a multidisciplinary, cross-program, and multi-agency team that synchronizes the efforts of those with a role in cyber investigations. According to the Assistant Director of the Cyber Division, the case load for Cyber Task Forces is about 54 percent criminalrelated matters and 46 percent national security-related matters. 13 The personnel assigned to a Cyber Task Force may include Special Agents, Intelligence Analysts, Computer Scientists, and other professional staff from the FBI; and Task Force Officers, Task Force Members, and Task Force Participants detailed from other agencies. 13

19 According to FBI officials, the cyber intrusion threat has become increasingly relevant to state and local law enforcement agencies since entities targeted for cybercrime are located within state and local law enforcement agencies areas of responsibilities. For example, in June 2014, the GameOver Zeus botnet targeted businesses and consumers throughout the United States, which resulted in complaints to state and local law enforcement agencies. The FBI s Cyber Task Forces are designed to lead interagency efforts to combat criminal and national security related cyber intrusion threats. As a result, the FBI seeks national, state, and local agency-level participation. Participants do not have to be sworn law enforcement officers. Civilian employees such as computer scientists and analysts working in the private sector, academic institutions, or other government agencies, such as the NSA, may be detailed to the Cyber Task Forces. However, we found that the FBI has encountered challenges in attracting external participants to its Cyber Task Forces. According to the FBI, few state and local law enforcement agencies are motivated to join a task force focused on cyber intrusion threats because they may not fully understand the cyber threat, they may believe that cyber intrusion investigations are inherently a federal matter, or they may not have the resources or personnel to detail an officer to the local Cyber Task Force. One FBI official stated that although state and local law enforcement agencies may not see cyber intrusion threats as an important concern, it will become more of an issue for them in the near future as cyber intrusions increase and the effects of those intrusions are felt at the state and local level. We were told by the FBI that the lack of external participation on Cyber Task Forces in each of the FBI s field offices may limit the sharing of critical information and hinder the FBI s ability to adequately investigate and address future cyber intrusion threats. As a result, the FBI told us that it is continuing its outreach efforts to educate state and local law enforcement agencies about the importance of this work by sharing information through cyber security briefings and offering cyber security training opportunities. We reviewed outreach materials and found that the materials address the domestic threat landscape and the tools used to identify the threats. According to information reported by the field offices to the FBI Cyber Division, as of January 2015, the FBI had 1 Cyber Task Force in each of its 56 field offices. The Cyber Task Forces include over 1,000 members nationwide, representing over 80 state and local agencies, over 30 private sector entities, 6 academic institutions, and over 40 federal agencies, including the U.S. Secret Service, the NSA, and the CIA. In comparison, as of January 2015, the FBI had 71 Joint Terrorism Task Forces (JTTF) focused on investigating terrorism located in 104 cities nationwide, with at least 1 in each of the FBI s 56 field offices. According to the FBI s website, the JTTFs include approximately 4,000 members nationwide from over 500 state and local agencies and 55 federal agencies, including the Department of Homeland Security, the United States military, Immigration and Customs Enforcement, and the Transportation Security Administration. In addition to the challenges mentioned above, FBI Cyber Division headquarters communications with the FBI field offices may have lacked sufficient 14

20 detail about the resources available to facilitate such participation. As result, field offices may have failed to consistently interpret the resources available for recruiting TFOs. For example, at two of the field offices we visited, FBI officials told us that one of the challenges in recruiting state and local participation is that they are unable to offer incentives to TFOs. However, at another field office, a TFO told us that the FBI provided use of computers, a government vehicle, and cyber training as incentives to attract TFOs to the Cyber Task Force. Additionally, the same TFO stated that the FBI field office provided additional resources, such as access for his local agency to the field office Computer Analysis Response Team (CART) lab examiners who process evidence. 14 We believe that the Cyber Division should ensure that all field offices are fully informed of the resources available to facilitate such participation. While we are concerned about the lack of non-fbi representation on a number of Cyber Task Forces, there are signs that the FBI s efforts to bring in personnel from other agencies are yielding some results. In addition to the recruitment efforts for personnel from state and local agencies, in June 2014, the Assistant Director of the FBI Cyber Division told us that the NSA is in the process of selecting a total of six analysts to assign to Cyber Task Forces based in the San Antonio, Chicago, Atlanta, Detroit, San Francisco, and Pittsburgh field offices. One field office we visited had a Special Agent from the Department of Defense Office of the Inspector General assigned to its Cyber Task Force. Another field office had two part-time analysts from the United States Cyber Command. While these are positive developments, we believe the FBI needs to continue its efforts to educate and make it possible for other important partners, particularly including state and local law enforcement partners, to participate on the Cyber Task Forces and ensure all relevant Cyber Task Force information, including resources 14 FBI s CART examiners provide digital forensic services to FBI investigators and, in certain instances, federal, state, and local partners. CART examiners analyze digital media including desktop and laptop computers, CDs/DVDs, and other forms of digital evidence. 15

STATEMENT OF JOSEPH M. DEMAREST, JR. ASSISTANT DIRECTOR CYBER DIVISION FEDERAL BUREAU OF INVESTIGATION

STATEMENT OF JOSEPH M. DEMAREST, JR. ASSISTANT DIRECTOR CYBER DIVISION FEDERAL BUREAU OF INVESTIGATION STATEMENT OF JOSEPH M. DEMAREST, JR. ASSISTANT DIRECTOR CYBER DIVISION FEDERAL BUREAU OF INVESTIGATION BEFORE THE SUBCOMMITTEE ON CRIME AND TERRORISM COMMITTEE ON JUDICIARY UNITED STATES SENATE ENTITLED:

More information

STATEMENT OF BEFORE THE COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS UNITED STATES SENATE ENTITLED

STATEMENT OF BEFORE THE COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS UNITED STATES SENATE ENTITLED STATEMENT OF ROBERT ANDERSON, JR. EXECUTIVE ASSISTANT DIRECTOR CRIMINAL, CYBER, RESPONSE, AND SERVICES BRANCH FEDERAL BUREAU OF INVESTIGATION DEPARTMENT OF JUSTICE BEFORE THE COMMITTEE ON HOMELAND SECURITY

More information

STATEMENT OF JOSEPH DEMAREST ASSISTANT DIRECTOR CYBER DIVISION FEDERAL BUREAU OF INVESTIGATION BEFORE THE

STATEMENT OF JOSEPH DEMAREST ASSISTANT DIRECTOR CYBER DIVISION FEDERAL BUREAU OF INVESTIGATION BEFORE THE STATEMENT OF JOSEPH DEMAREST ASSISTANT DIRECTOR CYBER DIVISION FEDERAL BUREAU OF INVESTIGATION BEFORE THE HOMELAND SECURITY COMMITTEE SUBCOMMITTEE ON COUNTERTERRORISM AND INTELLIGENCE AND SUBCOMITTEE ON

More information

AND RESPONSE. Continuity Insights Conference Chicago June 18-19, 2013. Unclassified

AND RESPONSE. Continuity Insights Conference Chicago June 18-19, 2013. Unclassified CYBER THREATS AND RESPONSE Continuity Insights Conference Chicago June 18-19, 2013 Unclassified OBJECTIVES Why it is important Threats, players, and response FBI s Next Generation Cyber Government and

More information

Middle Class Economics: Cybersecurity Updated August 7, 2015

Middle Class Economics: Cybersecurity Updated August 7, 2015 Middle Class Economics: Cybersecurity Updated August 7, 2015 The President's 2016 Budget is designed to bring middle class economics into the 21st Century. This Budget shows what we can do if we invest

More information

Establishing a State Cyber Crimes Unit White Paper

Establishing a State Cyber Crimes Unit White Paper Establishing a State Cyber Crimes Unit White Paper Utah Department of Public Safety Commissioner Keith Squires Deputy Commissioner Jeff Carr Major Brian Redd Utah Statewide Information & Analysis Center

More information

GAO CRITICAL INFRASTRUCTURE PROTECTION. Significant Challenges in Developing Analysis, Warning, and Response Capabilities.

GAO CRITICAL INFRASTRUCTURE PROTECTION. Significant Challenges in Developing Analysis, Warning, and Response Capabilities. GAO United States General Accounting Office Testimony Before the Subcommittee on Technology, Terrorism and Government Information, Committee on the Judiciary, U.S. Senate For Release on Delivery Expected

More information

Federal Bureau of Investigation s Integrity and Compliance Program

Federal Bureau of Investigation s Integrity and Compliance Program Evaluation and Inspection Division Federal Bureau of Investigation s Integrity and Compliance Program November 2011 I-2012-001 EXECUTIVE DIGEST In June 2007, the Federal Bureau of Investigation (FBI) established

More information

AT A HEARING ENTITLED THREATS TO THE HOMELAND

AT A HEARING ENTITLED THREATS TO THE HOMELAND STATEMENT OF JAMES B. COMEY DIRECTOR FEDERAL BUREAU OF INVESTIGATION BEFORE THE COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS UNITED STATES SENATE AT A HEARING ENTITLED THREATS TO THE HOMELAND

More information

Monday, November 17, 2014 to Monday, December 8, 2014

Monday, November 17, 2014 to Monday, December 8, 2014 Job Title:Cyber Internship Program Department:Department Of Justice Agency:Federal Bureau of Investigation Job Announcement Number:S-GIP-2015-0002 SALARY RANGE: OPEN PERIOD: SERIES & GRADE: POSITION INFORMATION:

More information

FBI CHALLENGES IN A CYBER-BASED WORLD

FBI CHALLENGES IN A CYBER-BASED WORLD FBI CHALLENGES IN A CYBER-BASED WORLD Federal Bureau of Investigation Assistant General Counsel Robert Bergida 202-651-3209 Overview Cyber Threats FBI Mission FBI Response Terrorism remains the FBI s top

More information

Fast Facts About The Cyber Security Job Market

Fast Facts About The Cyber Security Job Market Cybersecurity Cybersecurity is the measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack. Cybersecurity is the faster growing IT job, growing

More information

Department of Defense DIRECTIVE

Department of Defense DIRECTIVE Department of Defense DIRECTIVE NUMBER 5505.13E March 1, 2010 ASD(NII)/DoD CIO SUBJECT: DoD Executive Agent (EA) for the DoD Cyber Crime Center (DC3) References: See Enclosure 1 1. PURPOSE. This Directive:

More information

GAO CYBERSECURITY HUMAN CAPITAL. Initiatives Need Better Planning and Coordination

GAO CYBERSECURITY HUMAN CAPITAL. Initiatives Need Better Planning and Coordination GAO November 2011 United States Government Accountability Office Report to the Chairman, Subcommittee on Immigration, Refugees, and Border Security, Committee on the Judiciary U.S. Senate CYBERSECURITY

More information

Keynote: FBI Wednesday, February 4 noon 1:10 p.m.

Keynote: FBI Wednesday, February 4 noon 1:10 p.m. Keynote: FBI Wednesday, February 4 noon 1:10 p.m. Speaker: Leo Taddeo Special Agent in Change, Cyber/Special Operations Division Federal Bureau of Investigation Biography: Leo Taddeo Leo Taddeo is the

More information

U.S. Department of Justice FY 2016 Budget Request NATIONAL SECURITY. +$106.8 Million in Program Increases. FY 2016 Overview

U.S. Department of Justice FY 2016 Budget Request NATIONAL SECURITY. +$106.8 Million in Program Increases. FY 2016 Overview U.S. Department of Justice FY 2016 Budget Request NATIONAL SECURITY +$106.8 Million in Program Increases FY 2016 Overview Defending U.S. citizens from both internal and external threats remains the Department

More information

Review of the Organized Crime Drug Enforcement Task Forces Fusion Center

Review of the Organized Crime Drug Enforcement Task Forces Fusion Center Review of the Organized Crime Drug Enforcement Task Forces Fusion Center March 2014 I-2014-002 EXECUTIVE SUMMARY INTRODUCTION This review examined the operations of the Organized Crime Drug Enforcement

More information

Federal Bureau of Investigation

Federal Bureau of Investigation Federal Bureau of Investigation SSA John Caruthers Cyber Criminal Section SSA Kenneth Schmutz Cyber National Security Section April 11, 2012 FBI Mission Cyber Threats FBI Response 1. Protect the United

More information

Department of Homeland Security

Department of Homeland Security DHS' Efforts to Coordinate the Activities of Federal Cyber Operations Centers OIG-14-02 October 2013 Washington, DC 20528 / www.oig.dhs.gov October 24, 2013 MEMORANDUM FOR: The Honorable Suzanne Spaulding

More information

WRITTEN TESTIMONY OF

WRITTEN TESTIMONY OF WRITTEN TESTIMONY OF KEVIN MANDIA CHIEF EXECUTIVE OFFICER MANDIANT CORPORATION BEFORE THE SUBCOMMITTEE ON CRIME AND TERRORISM JUDICIARY COMMITTEE UNITED STATES SENATE May 8, 2013 Introduction Thank you

More information

The FBI and the Internet

The FBI and the Internet The FBI and the Internet Special Agent Robert Flaim Federal Bureau of Investigation Presentation Goals To give you a better understanding of: The FBI Cyber Division, its priorities, and its mission The

More information

The FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED

The FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED The FBI Cyber Program Bauer Advising Symposium October 11, 2012 Today s Agenda What is the threat? Who are the adversaries? How are they attacking you? What can the FBI do to help? What can you do to stop

More information

FBI: Taking down Botnets - Testimony

FBI: Taking down Botnets - Testimony FBI: Taking down Botnets - Testimony Joseph Demarest Assistant Director, Cyber Division Federal Bureau of Investigation Statement Before the Senate Judiciary Committee, Subcommittee on Crime and Terrorism

More information

Presenter: October 14, 2009 Mr. Takanobu Ito Managing Director, Asia Pacific & Middle East Operations

Presenter: October 14, 2009 Mr. Takanobu Ito Managing Director, Asia Pacific & Middle East Operations TeleContinuity The Survivable Cyber Solution Presentation For Presenter: October 14, 2009 Mr. Takanobu Ito Managing Director, Asia Pacific & Middle East Operations 2007 TeleContinuity, Inc.. All Rights

More information

THE FEDERAL BUREAU OF INVESTIGATION S WEAPONS OF MASS DESTRUCTION COORDINATOR PROGRAM

THE FEDERAL BUREAU OF INVESTIGATION S WEAPONS OF MASS DESTRUCTION COORDINATOR PROGRAM THE FEDERAL BUREAU OF INVESTIGATION S WEAPONS OF MASS DESTRUCTION COORDINATOR PROGRAM U.S. Department of Justice Office of the Inspector General Audit Division Audit Report 09-36 September 2009 THE FEDERAL

More information

The Comprehensive National Cybersecurity Initiative

The Comprehensive National Cybersecurity Initiative The Comprehensive National Cybersecurity Initiative President Obama has identified cybersecurity as one of the most serious economic and national security challenges we face as a nation, but one that we

More information

2 Gabi Siboni, 1 Senior Research Fellow and Director,

2 Gabi Siboni, 1 Senior Research Fellow and Director, Cyber Security Build-up of India s National Force 2 Gabi Siboni, 1 Senior Research Fellow and Director, Military and Strategic Affairs and Cyber Security Programs, Institute for National Security Studies,

More information

El Camino College Homeland Security Spring 2016 Courses

El Camino College Homeland Security Spring 2016 Courses El Camino College Homeland Security Spring 2016 Courses With over 250,000 federal positions in Homeland Security and associated divisions, students may find good career opportunities in this field. Explore

More information

U.S. Department of Justice

U.S. Department of Justice U.S. Department of Justice Federal Bureau of Investigation Office of the Director Washington, D.C. 20535-0001 February 1,2013 The Honorable Barbara A. Mikulski Chairwoman Senate Appropriations Committee

More information

VA Office of Inspector General

VA Office of Inspector General VA Office of Inspector General OFFICE OF AUDITS AND EVALUATIONS Department of Veterans Affairs Audit of Office of Information Technology s Strategic Human Capital Management October 29, 2012 11-00324-20

More information

THE DEPARTMENT OF JUSTICE S EFFORTS TO COMBAT IDENTITY THEFT. U.S. Department of Justice Office of the Inspector General Audit Division

THE DEPARTMENT OF JUSTICE S EFFORTS TO COMBAT IDENTITY THEFT. U.S. Department of Justice Office of the Inspector General Audit Division THE DEPARTMENT OF JUSTICE S EFFORTS TO COMBAT IDENTITY THEFT U.S. Department of Justice Office of the Inspector General Audit Division Audit Report 10-21 March 2010 THE DEPARTMENT OF JUSTICE S EFFORTS

More information

CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES

CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES The information provided in this document is presented as a courtesy to be used for informational purposes only. This information

More information

STATEMENT OF JOSEPH M. DEMAREST, JR. ASSISTANT DIRECTOR CYBER DIVISION FEDERAL BUREAU OF INVESTIGATION BEFORE THE

STATEMENT OF JOSEPH M. DEMAREST, JR. ASSISTANT DIRECTOR CYBER DIVISION FEDERAL BUREAU OF INVESTIGATION BEFORE THE STATEMENT OF JOSEPH M. DEMAREST, JR. ASSISTANT DIRECTOR CYBER DIVISION FEDERAL BUREAU OF INVESTIGATION BEFORE THE COMMITTEE ON BANKING, HOUSING, AND URBAN AFFAIRS UNITED STATES SENATE ENTITLED CYBERSECURITY:

More information

2015 List of Major Management Challenges for the CFPB

2015 List of Major Management Challenges for the CFPB September 30, 2015 MEMORANDUM TO: FROM: SUBJECT: Richard Cordray Director Consumer Financial Protection Bureau Mark Bialek Inspector General 2015 List of Major Management Challenges for the CFPB We are

More information

FBI AND CYBER SECURITY

FBI AND CYBER SECURITY FBI AND CYBER SECURITY SSA John Caruthers SSA Ken Schmutz SSA Tom Winterhalter Mission The FBI is the only U.S. agency charged with the authority to investigate both criminal and national security investigations.

More information

CYBER SECURITY INFORMATION SHARING & COLLABORATION

CYBER SECURITY INFORMATION SHARING & COLLABORATION Corporate Information Security CYBER SECURITY INFORMATION SHARING & COLLABORATION David N. Saul Senior Vice President & Chief Scientist 28 June 2013 Discussion Flow The Evolving Threat Environment Drivers

More information

CAPACITY BUILDING TO STRENGTHEN CYBERSECURITY. Sazali Sukardi Vice President Research CyberSecurity Malaysia

CAPACITY BUILDING TO STRENGTHEN CYBERSECURITY. Sazali Sukardi Vice President Research CyberSecurity Malaysia CAPACITY BUILDING TO STRENGTHEN CYBERSECURITY by Sazali Sukardi Vice President Research CyberSecurity Malaysia SCOPE INTRODUCTION CYBER SECURITY INCIDENTS IN MALAYSIA CAPACITY BUILDING The Council For

More information

Cyber security Time for a new paradigm. Stéphane Hurtaud Partner Information & Technology Risk Deloitte

Cyber security Time for a new paradigm. Stéphane Hurtaud Partner Information & Technology Risk Deloitte Cyber security Time for a new paradigm Stéphane Hurtaud Partner Information & Technology Risk Deloitte 90 More than ever, cyberspace is a land of opportunity but also a dangerous world. As public and private

More information

Corporate Spying An Overview

Corporate Spying An Overview Corporate Spying An Overview With the boom in informational and technological advancements in recent years, there comes the good and the bad the bad being more susceptibility to the theft of confidential

More information

Five-Year Strategic Plan

Five-Year Strategic Plan U.S. Department of Education Office of Inspector General Five-Year Strategic Plan Fiscal Years 2014 2018 Promoting the efficiency, effectiveness, and integrity of the Department s programs and operations

More information

STATE OF NEW HAMPSHIRE STRATEGIC PLAN TO ADDRESS CYBER CRIME

STATE OF NEW HAMPSHIRE STRATEGIC PLAN TO ADDRESS CYBER CRIME STATE OF NEW HAMPSHIRE STRATEGIC PLAN TO ADDRESS CYBER CRIME MAY 2004 Page 1 of 7 State of New Hampshire Strategic Plan to Address Cyber Crime May 2004 Introduction Cyber crime, or more broadly, electronic

More information

Preventing and Defending Against Cyber Attacks November 2010

Preventing and Defending Against Cyber Attacks November 2010 Preventing and Defending Against Cyber Attacks November 2010 The Nation s first ever Quadrennial Homeland Security Review (QHSR), delivered to Congress in February 2010, identified safeguarding and securing

More information

Testimony of. Before the United States House of Representatives Committee on Oversight and Government Reform And the Committee on Homeland Security

Testimony of. Before the United States House of Representatives Committee on Oversight and Government Reform And the Committee on Homeland Security Testimony of Dr. Phyllis Schneck Deputy Under Secretary for Cybersecurity and Communications National Protection and Programs Directorate United States Department of Homeland Security Before the United

More information

SENTINEL AUDIT V: STATUS OF

SENTINEL AUDIT V: STATUS OF SENTINEL AUDIT V: STATUS OF THE FEDERAL BUREAU OF INVESTIGATION S CASE MANAGEMENT SYSTEM U.S. Department of Justice Office of the Inspector General Audit Division Audit Report 10-03 November 2009 Redacted

More information

DEPARMTMENT OF HOMELAND SECURITY AUTHORIZATION BILL FOR FY 2008 AND FY 2009 SECTION-BY-SECTION

DEPARMTMENT OF HOMELAND SECURITY AUTHORIZATION BILL FOR FY 2008 AND FY 2009 SECTION-BY-SECTION DEPARMTMENT OF HOMELAND SECURITY AUTHORIZATION BILL FOR FY 2008 AND FY 2009 SECTION-BY-SECTION TITLE I: AUTHORIZATION OF APPROPRIATIONS Sec. 101. Authorization of Appropriations. This section authorizes

More information

NASA Security: Assessing the Agency s Efforts to Protect Sensitive Information

NASA Security: Assessing the Agency s Efforts to Protect Sensitive Information Testimony before the Subcommittee on Space Committee on Science, Space, and Technology United States House of Representatives For Release on Delivery expected at 10:00 a.m. on June 20, 2014 NASA Security:

More information

Preventing and Defending Against Cyber Attacks October 2011

Preventing and Defending Against Cyber Attacks October 2011 Preventing and Defending Against Cyber Attacks October 2011 The Department of Homeland Security (DHS) is responsible for helping Federal Executive Branch civilian departments and agencies secure their

More information

Federal Bureau of Investigation. Los Angeles Field Office Computer Crime Squad

Federal Bureau of Investigation. Los Angeles Field Office Computer Crime Squad Federal Bureau of Investigation Los Angeles Field Office Computer Crime Squad Overview FBI and Infrastructure Protection Cyber Crime Cases Cyber Law What to do Infrastructure Protection: Traditional Threat

More information

SAFETY AND SECURITY: Opportunities to Improve Controls Over Police Department Workforce Planning

SAFETY AND SECURITY: Opportunities to Improve Controls Over Police Department Workforce Planning SAFETY AND SECURITY: Opportunities to Improve Controls Over Police Department Audit Report OIG-A-2015-006 February 12, 2015 2 OPPORTUNITIES EXIST TO IMPROVE WORKFORCE PLANNING PRACTICES AND RELATED SAFETY

More information

INFORMATION SHARING What Companies Can Learn from Cybersecurity Resources in Pittsburgh

INFORMATION SHARING What Companies Can Learn from Cybersecurity Resources in Pittsburgh INFORMATION SHARING What Companies Can Learn from Cybersecurity Resources in Pittsburgh By Mark Rush and Joe Valenti K&L Gates Cyber crime is a serious threat it cripples companies, damages economies,

More information

Preventing and Defending Against Cyber Attacks June 2011

Preventing and Defending Against Cyber Attacks June 2011 Preventing and Defending Against Cyber Attacks June 2011 The Department of Homeland Security (DHS) is responsible for helping Federal Executive Branch civilian departments and agencies secure their unclassified

More information

28 USC 532. NB: This unofficial compilation of the U.S. Code is current as of Jan. 4, 2012 (see http://www.law.cornell.edu/uscode/uscprint.html).

28 USC 532. NB: This unofficial compilation of the U.S. Code is current as of Jan. 4, 2012 (see http://www.law.cornell.edu/uscode/uscprint.html). TITLE 28 - JUDICIARY AND JUDICIAL PROCEDURE PART II - DEPARTMENT OF JUSTICE CHAPTER 33 - FEDERAL BUREAU OF INVESTIGATION 532. Director of the Federal Bureau of Investigation The Attorney General may appoint

More information

Priority III: A National Cyberspace Security Awareness and Training Program

Priority III: A National Cyberspace Security Awareness and Training Program Priority III: A National Cyberspace Security Awareness and Training Program Everyone who relies on part of cyberspace is encouraged to help secure the part of cyberspace that they can influence or control.

More information

Department of Homeland Security Office of Inspector General. Review of U.S. Coast Guard Enterprise Architecture Implementation Process

Department of Homeland Security Office of Inspector General. Review of U.S. Coast Guard Enterprise Architecture Implementation Process Department of Homeland Security Office of Inspector General Review of U.S. Coast Guard Enterprise Architecture Implementation Process OIG-09-93 July 2009 Contents/Abbreviations Executive Summary...1 Background...2

More information

THE WHITE HOUSE. Office of the Press Secretary. For Immediate Release February 12, 2013. February 12, 2013

THE WHITE HOUSE. Office of the Press Secretary. For Immediate Release February 12, 2013. February 12, 2013 THE WHITE HOUSE Office of the Press Secretary For Immediate Release February 12, 2013 February 12, 2013 PRESIDENTIAL POLICY DIRECTIVE/PPD-21 SUBJECT: Critical Infrastructure Security and Resilience The

More information

FINAL // FOR OFFICIAL USE ONLY. William Noonan

FINAL // FOR OFFICIAL USE ONLY. William Noonan FINAL // FOR OFFICIAL USE ONLY William Noonan Deputy Special Agent in Charge United States Secret Service Criminal Investigative Division Cyber Operations Branch Prepared Testimony Before the United States

More information

Chairman Johnson, Ranking Member Carper, and Members of the committee:

Chairman Johnson, Ranking Member Carper, and Members of the committee: UNITED STATES OFFICE OF PERSONNEL MANAGEMENT STATEMENT OF THE HONORABLE KATHERINE ARCHULETA DIRECTOR U.S. OFFICE OF PERSONNEL MANAGEMENT before the COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS

More information

U.S. Department of Energy Office of Inspector General Office of Audits & Inspections

U.S. Department of Energy Office of Inspector General Office of Audits & Inspections U.S. Department of Energy Office of Inspector General Office of Audits & Inspections Audit Report Follow-up Audit of the Department's Cyber Security Incident Management Program DOE/IG-0878 December 2012

More information

NATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL

NATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL NATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL INDEPENDENT EVALUATION OF THE NATIONAL CREDIT UNION ADMINISTRATION S COMPLIANCE WITH THE FEDERAL INFORMATION SECURITY MANAGEMENT ACT (FISMA)

More information

NATIONAL CYBERSECURITY STRATEGIES: AUSTRALIA AND CANADA

NATIONAL CYBERSECURITY STRATEGIES: AUSTRALIA AND CANADA NATIONAL CYBERSECURITY STRATEGIES: AUSTRALIA AND CANADA JOÃO MANUEL ASSIS BARBAS Coronel de Artilharia. Assessor de Estudos do IDN INTRODUCTION Globalization and information and communication technologies

More information

Working with the FBI

Working with the FBI Working with the FBI WMACCA Data Privacy & Security Conference September 17, 2014 Individuals Organized Crime Syndicates Hacktivist Groups Nation States Nation-States Individuals Industry Law Enforcement

More information

GAO. INFORMATION SECURITY Persistent Weaknesses Highlight Need for Further Improvement

GAO. INFORMATION SECURITY Persistent Weaknesses Highlight Need for Further Improvement GAO For Release on Delivery Expected at time 1:00 p.m. EDT Thursday, April 19, 2007 United States Government Accountability Office Testimony Before the Subcommittee on Emerging Threats, Cybersecurity,

More information

SECTION-BY-SECTION. Section 1. Short Title. The short title of the bill is the Cybersecurity Act of 2012.

SECTION-BY-SECTION. Section 1. Short Title. The short title of the bill is the Cybersecurity Act of 2012. SECTION-BY-SECTION Section 1. Short Title. The short title of the bill is the Cybersecurity Act of 2012. Section 2. Definitions. Section 2 defines terms including commercial information technology product,

More information

Appendix A: Gap Analysis Spreadsheet. Competency and Skill List. Critical Thinking

Appendix A: Gap Analysis Spreadsheet. Competency and Skill List. Critical Thinking Appendix A: Gap Analysis Spreadsheet Competency and Skill List Competency Critical Thinking Data Collection & Examination Communication & Collaboration Technical Exploitation Information Security Computing

More information

U.S. DEPARTMENT OF TRANSPORTATION

U.S. DEPARTMENT OF TRANSPORTATION U.S. DEPARTMENT OF TRANSPORTATION HISPANIC EMPLOYMENT INITIATIVES (HEIs) 5-POINT PLAN Departmental Office of Civil Rights Internal Policy, Program Development and Support Division, S-32 Washington, DC

More information

Department of Human Resources

Department of Human Resources Workforce Services Workforce Policy and Planning Department Management/ Human Resource Information Systems Employee Relations Employment Compensation and Workforce Analysis Employee Benefits Organizational

More information

DHS. CMSI Webinar Series

DHS. CMSI Webinar Series DHS CMSI Webinar Series Renee Forney Executive Director As the Executive Director for the Cyberskills Management Support Initiative (CMSI), Ms. Forney supports the Undersecretary for Management (USM) for

More information

JOB ANNOUNCEMENT. Chief Security Officer, Cheniere Energy, Inc.

JOB ANNOUNCEMENT. Chief Security Officer, Cheniere Energy, Inc. JOB ANNOUNCEMENT Chief Security Officer, Cheniere Energy, Inc. Position Overview The Vice President and Chief Security Risk Officer (CSRO) reports to the Chairman, Chief Executive Officer and President

More information

COUNTERINTELLIGENCE. Protecting Key Assets: A Corporate Counterintelligence Guide

COUNTERINTELLIGENCE. Protecting Key Assets: A Corporate Counterintelligence Guide COUNTERINTELLIGENCE O F F I C E O F T H E N A T I O N A L C O U N T E R I N T E L L I G E N C E Protecting Key Assets: A Corporate Counterintelligence Guide E X E C U T I V E Counterintelligence for the

More information

OFFICE OF ENTERPRISE TECHNOLOGY SERVICES QUARTERLY REPORT ON

OFFICE OF ENTERPRISE TECHNOLOGY SERVICES QUARTERLY REPORT ON OFFICE OF ENTERPRISE TECHNOLOGY SERVICES QUARTERLY REPORT ON PERIODIC INFORMATION SECURITY AND PENETRATION AUDITS OF THE EXECUTIVE BRANCH INFORMATION TECHNOLOGY SYSTEMS APRIL 1, 2016 SUBMITTED TO THE TWENTY-EIGHTH

More information

EXECUTIVE ORDER 13714 - - - - - - - STRENGTHENING THE SENIOR EXECUTIVE SERVICE. By the authority vested in me as President by the

EXECUTIVE ORDER 13714 - - - - - - - STRENGTHENING THE SENIOR EXECUTIVE SERVICE. By the authority vested in me as President by the This document is scheduled to be published in the Federal Register on 12/18/2015 and available online at http://federalregister.gov/a/2015-32060, and on FDsys.gov EXECUTIVE ORDER 13714 - - - - - - - STRENGTHENING

More information

American Public University System - A Multi-Disciplinary Approach to Cybersecurity Education

American Public University System - A Multi-Disciplinary Approach to Cybersecurity Education American Public University System - A Multi-Disciplinary Approach to Cybersecurity Education Dr. Clay Wilson, CISSP Program Director, Cybersecurity Studies American Public University System Overview About

More information

Actions and Recommendations (A/R) Summary

Actions and Recommendations (A/R) Summary Actions and Recommendations (A/R) Summary Priority I: A National Cyberspace Security Response System A/R 1-1: DHS will create a single point-ofcontact for the federal government s interaction with industry

More information

Information Security Awareness Training and Phishing

Information Security Awareness Training and Phishing Information Security Awareness Training and Phishing Audit Report Report Number IT-AR-16-001 October 5, 2015 Highlights The Postal Service s information security awareness training related to phishing

More information

GAO CYBERSECURITY. Progress Made but Challenges Remain in Defining and Coordinating the Comprehensive National Initiative

GAO CYBERSECURITY. Progress Made but Challenges Remain in Defining and Coordinating the Comprehensive National Initiative GAO United States Government Accountability Office Report to Congressional Requesters March 2010 CYBERSECURITY Progress Made but Challenges Remain in Defining and Coordinating the Comprehensive National

More information

STATEMENT OF RANDY S. MISKANIC VICE PRESIDENT, SECURE DIGITAL SOLUTIONS U.S. POSTAL SERVICE BEFORE THE SUBCOMMITTEE ON FEDERAL WORKFORCE, U.

STATEMENT OF RANDY S. MISKANIC VICE PRESIDENT, SECURE DIGITAL SOLUTIONS U.S. POSTAL SERVICE BEFORE THE SUBCOMMITTEE ON FEDERAL WORKFORCE, U. STATEMENT OF RANDY S. MISKANIC VICE PRESIDENT, SECURE DIGITAL SOLUTIONS U.S. POSTAL SERVICE BEFORE THE SUBCOMMITTEE ON FEDERAL WORKFORCE, U.S. POSTAL SERVICE AND THE CENSUS UNITED STATES HOUSE OF REPRESENTATIVES

More information

Audit of NRC s Network Security Operations Center

Audit of NRC s Network Security Operations Center Audit of NRC s Network Security Operations Center OIG-16-A-07 January 11, 2016 All publicly available OIG reports (including this report) are accessible through NRC s Web site at http://www.nrc.gov/reading-rm/doc-collections/insp-gen

More information

Statement for the Record. Dr. Andy Ozment Assistant Secretary, Cybersecurity and Communications U.S. Department of Homeland Security

Statement for the Record. Dr. Andy Ozment Assistant Secretary, Cybersecurity and Communications U.S. Department of Homeland Security Statement for the Record Dr. Andy Ozment Assistant Secretary, Cybersecurity and Communications U.S. Department of Homeland Security Before the United States House of Representatives Committee on Homeland

More information

Cyber Incident Annex. Cooperating Agencies: Coordinating Agencies:

Cyber Incident Annex. Cooperating Agencies: Coordinating Agencies: Cyber Incident Annex Coordinating Agencies: Department of Defense Department of Homeland Security/Information Analysis and Infrastructure Protection/National Cyber Security Division Department of Justice

More information

GAO COMBATING TERRORISM. Observations on Options to Improve the Federal Response. Testimony

GAO COMBATING TERRORISM. Observations on Options to Improve the Federal Response. Testimony GAO For Release on Delivery Expected at 3:00 p.m. Tuesday, April 24, 2001 United States General Accounting Office Testimony Before the Subcommittee on Economic Development, Public Buildings, and Emergency

More information

How To Audit The Mint'S Information Technology

How To Audit The Mint'S Information Technology Audit Report OIG-05-040 INFORMATION TECHNOLOGY: Mint s Computer Security Incident Response Capability Needs Improvement July 13, 2005 Office of Inspector General Department of the Treasury Contents Audit

More information

New York State Energy Planning Board. Cyber Security and the Energy Infrastructure

New York State Energy Planning Board. Cyber Security and the Energy Infrastructure New York State Energy Planning Board Cyber Security and the Energy Infrastructure New York State Division of Homeland Security and Emergency Services Office of Cyber Security Office of Cyber Security Overview

More information

Work Plan ongoing and planned audit and evaluation projects. Current as of June 5, 2015

Work Plan ongoing and planned audit and evaluation projects. Current as of June 5, 2015 Work Plan ongoing and planned audit and evaluation projects Current as of June 5, 2015 Overview The Work Plan presents the audits and evaluations that the Office of Inspector General (OIG) is conducting

More information

Cybersecurity Enhancement Account. FY 2017 President s Budget

Cybersecurity Enhancement Account. FY 2017 President s Budget Cybersecurity Enhancement Account FY 2017 President s Budget February 9, 2016 Table of Contents Section 1 Purpose... 3 1A Mission Statement... 3 1.1 Appropriations Detail Table... 3 1B Vision, Priorities

More information

Cybersecurity Global status update. Dr. Hamadoun I. Touré Secretary-General, ITU

Cybersecurity Global status update. Dr. Hamadoun I. Touré Secretary-General, ITU Cybersecurity Global status update Dr. Hamadoun I. Touré Secretary-General, ITU Cybercrime takes a toll on the global economy - Online fraud, identity theft, and lost intellectual property; - On governments,

More information

DEFINING CYBERSECURITY GROWTH CATALYSTS & LEGISLATION

DEFINING CYBERSECURITY GROWTH CATALYSTS & LEGISLATION DEFINING CYBERSECURITY GROWTH CATALYSTS & LEGISLATION GROWTH CATALYSTS & LEGISLATION The current policy funding and policy landscape surrounding cybersecurity initiatives and funding is convoluted with

More information

TYPES, PREVALENCE, AND PREVENTION OF CYBERCRIME. Haya Fetais & Mohammed Shabana. Saint Leo University COM- 510

TYPES, PREVALENCE, AND PREVENTION OF CYBERCRIME. Haya Fetais & Mohammed Shabana. Saint Leo University COM- 510 TYPES, PREVALENCE, AND PREVENTION OF CYBERCRIME Haya Fetais & Mohammed Shabana Saint Leo University COM- 510 November 23, 2014 Introduction Globalization and technological developments have infiltrated

More information

Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015

Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015 Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence AIBA Quarterly Meeting September 10, 2015 The Answer 2 Everyone The relationship between the board, C-suite, IT, and compliance leaders

More information

STATEMENT OF ROBERT S

STATEMENT OF ROBERT S STATEMENT OF ROBERT S. MUELLER, III DIRECTOR OF THE FEDERAL BUREAU OF INVESTIGATION BEFORE THE UNITED STATES HOUSE OF REPRESENTATIVES COMMITTEE ON APPROPRIATIONS SUBCOMMITTEE ON COMMERCE, JUSTICE, SCIENCE

More information

Statement of. Mike Sena. President, National Fusion Center Association. Director, Northern California Regional Intelligence Center (NCRIC)

Statement of. Mike Sena. President, National Fusion Center Association. Director, Northern California Regional Intelligence Center (NCRIC) Statement of Mike Sena President, National Fusion Center Association Director, Northern California Regional Intelligence Center (NCRIC) Joint Hearing of the Subcommittee on Emergency Preparedness, Response,

More information

Statement for the Record. Richard Bejtlich. Chief Security Strategist. FireEye, Inc. Before the. U.S. House of Representatives

Statement for the Record. Richard Bejtlich. Chief Security Strategist. FireEye, Inc. Before the. U.S. House of Representatives Statement for the Record Richard Bejtlich Chief Security Strategist FireEye, Inc. Before the U.S. House of Representatives Committee on Energy and Commerce Subcommittee on Oversight and Investigations

More information

The Importance of Cyber Threat Intelligence to a Strong Security Posture

The Importance of Cyber Threat Intelligence to a Strong Security Posture The Importance of Cyber Threat Intelligence to a Strong Security Posture Sponsored by Webroot Independently conducted by Ponemon Institute LLC Publication Date: March 2015 Ponemon Institute Research Report

More information

CYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS

CYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS CYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS 1 As regulators around the world move to tighten compliance requirements for financial institutions, improvement in cyber security controls will become

More information

THE CHANGING FACE OF IDENTITY THEFT THE CURRENT AND FUTURE LANDSCAPE

THE CHANGING FACE OF IDENTITY THEFT THE CURRENT AND FUTURE LANDSCAPE THE CHANGING FACE OF IDENTITY THEFT THE CURRENT AND FUTURE LANDSCAPE Identity is the unique set of characteristics that define an entity or individual. Identity theft is the unauthorized use of an individual

More information

Surviving the Ever Changing Threat Landscape

Surviving the Ever Changing Threat Landscape Surviving the Ever Changing Threat Landscape Kevin Jordan Cyber Security Specialist Dell GLBA FFIEC NCUA PCI HIPAA NERC CIP FISMA 700+ Percentage of U.S. adults who Federal named online and banking state

More information

Experience the commitment WHITE PAPER. Information Security Continuous Monitoring. Charting the Right Course. cgi.com 2014 CGI GROUP INC.

Experience the commitment WHITE PAPER. Information Security Continuous Monitoring. Charting the Right Course. cgi.com 2014 CGI GROUP INC. Experience the commitment WHITE PAPER Information Security Continuous Monitoring Charting the Right Course May 2014 cgi.com 2014 CGI GROUP INC. During the last few months of 2013, six federal agencies

More information

Cyber-Crime, Cyber-Espionage, Cyber-War, & Cyber-Threats: An Exploration of Illegal Conduct & Warfare in the Cyber-World

Cyber-Crime, Cyber-Espionage, Cyber-War, & Cyber-Threats: An Exploration of Illegal Conduct & Warfare in the Cyber-World Cyber-Crime, Cyber-Espionage, Cyber-War, & Cyber-Threats: An Exploration of Illegal Conduct & Warfare in the Cyber-World Moderator: Panelists: Honorable Preet Bharara, United States Attorney, Southern

More information

STATEMENT OF JOSEPH S. CAMPBELL ASSISTANT DIRECTOR CRIMINAL INVESTIGATIVE DIVISION FEDERAL BUREAU OF INVESTIGATION BEFORE THE

STATEMENT OF JOSEPH S. CAMPBELL ASSISTANT DIRECTOR CRIMINAL INVESTIGATIVE DIVISION FEDERAL BUREAU OF INVESTIGATION BEFORE THE STATEMENT OF JOSEPH S. CAMPBELL ASSISTANT DIRECTOR CRIMINAL INVESTIGATIVE DIVISION FEDERAL BUREAU OF INVESTIGATION BEFORE THE COMMITTEE ON OVERSIGHT AND GOVERNMENT REFORM U.S. HOUSE OF REPRESENTATIVES

More information

How To Pay Forensic Scientists At The Postal Inspection Service

How To Pay Forensic Scientists At The Postal Inspection Service July 17, 2000 KENNETH C. WEAVER CHIEF POSTAL INSPECTOR PATRICK R. DONAHOE SENIOR VICE PRESIDENT, HUMAN RESOURCES SUBJECT: Review of Postal Inspection Service Forensic Scientist Salaries (Report Number

More information